package com.jt.auth.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

@Configuration
public class TokenConfig {

    @Bean
    public AuthorizationServerTokenServices tokenServices() {
        DefaultTokenServices tokenServices = new DefaultTokenServices();
        //设置令牌存储对象
        tokenServices.setTokenStore(tokenStore());
        //进行令牌增强
        tokenServices.setTokenEnhancer(jwtAccessTokenConverter());
        //设置访问令牌有效期(访问令牌返回访问资源时要携带的信息)
        tokenServices.setAccessTokenValiditySeconds(3600);
        //设置刷新令牌，在范围跟令牌即将到期时，还可以使用刷新令牌再去请求一个jwt令牌
        tokenServices.setSupportRefreshToken(true);
        tokenServices.setRefreshTokenValiditySeconds(7200);
        return tokenServices;
    }
    @Bean
    public TokenStore tokenStore() {
        return new JwtTokenStore(jwtAccessTokenConverter());
    }

    /**签名key，对Jwt令牌签名时使用，这个值可以自己随意定义，*/
    private String signingKey="auth";
    @Bean
    public JwtAccessTokenConverter jwtAccessTokenConverter(){
        JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter();
        //设置签名key，对Jwt令牌进行签名时使用，key不能让客户端知道
        jwtAccessTokenConverter.setSigningKey(signingKey);
        return jwtAccessTokenConverter;
    }

}
